[pkg-gnupg-maint] Bug#1124429: trixie-pu: package gnupg2/2.4.7-21+deb13u1

Andreas Metzler ametzler at bebt.de
Thu Jan 1 06:07:29 GMT 2026 

Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: gnupg2 at packages.debian.org, team at security.debian.org
Control: affects -1 + src:gnupg2
User: release.debian.org at packages.debian.org
Usertags: pu

Good morning,

we would like to fix CVE-2025-68973 and three other issues from
gnupg(dot)fail in the January stable (and oldstable) update.

Quoting Salvatore Bonaccorso in https://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/2025-December/010435.html

| Anyway, Moritz and I were today bit discussing anyway the gnupg2
| status and came back to the comment from Moritz about the point
| release. Given gnupg2 is so crucial in various ways within Debian and
| the point releases in 1.5 weeks ahead, we wanted to come back to
| suggest to make the point release updates with the key benefit to have
| gnupg2 exposed in public via the proposed updates suites as soon
| accepted.
| 
| Would you agree on this approach? The stable release managers private
| alias is CC'ed here so they are aware of this suggestion.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable


cu Andreas

PS: second try, 1st one was blocked because gnupg(dot)fail is in
spamhaus.
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnupg2_2.4.7-21+deb13u1.deb.diff.gz
Type: application/gzip
Size: 7438 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20260101/e7b12254/attachment-0001.gz>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20260101/e7b12254/attachment-0001.sig>

More information about the pkg-gnupg-maint mailing list